AlgoSec Security Management Solution
Strengths: Very strong security management tool with strong emphasis on layer 3 connection between applications. Pricing is attractive and support is good.
Weaknesses: None that we found.
Verdict: This is an excellent tool, especially for mid- to large-sized organisations. It has everything you need and is comfortably manageable. We compare it to a sailboat – even though it’s fairly large and complex, can be sailed effectively by a single person.
This is one of the more interesting products that we saw this month. Its premise is that it can manage security - and, thus, risk and policies - by managing the data flows within the enterprise. It uses the enterprise's firewalls as a key point of reference to do this. There are three modules in the Security Management Suite: Firewall Analyser, FireFlow and BusinessFlow. Firewall Analyser is the glue that holds everything together and BusinessFlow is the application side of things. It defines the construct of a business application and tells FireFlow how to configure to support the application.
We dropped into the BusinessFlow dashboard. This is the starting point for setting up the system. Each application has detailed information entered here including technical, business and responsibility entries. The technical details include such things as how the application connects with other applications and what the flow paths need to be to achieve the application's mission. The paths are layer 3. The result, when all of the applications are entered into the system, is a connectivity map. When the connectivity between an application and one of its endpoints breaks, an alert tells the analyst that there is a problem.
Vulnerability scans generate remediation workflows and, in some cases, can provide automated firewall configuration change orders. Policies are based on all of the current standards such as PCI, HIPAA, etc. The dashboards have excellent drill-down and, in many cases, present their information in formats comfortable for business managers rather than technical personnel.
We really liked the reporting capability of this tool. Reports can be generated on the fly. We have seen numerous situations where a report is needed immediately, whether to answer a management question or to support an audit. One thing that we found unique is that the applications that talk to each other can be tagged. To understand the communications involved, searches on the tags reveal information quickly.
Additionally, the tool can decommission an application without breaking the other applications with which it communicates. So dependencies are handled neatly and seamlessly. The reverse of that also is true. New deployments can be staged without breaking applications or flows that may be involved. The system has a nice closed loop remediation feature that is implemented through an API that can connect the tool to ticketing systems, such as Remedy or Service Now. If the organisation does not use a third-party ticketing system, this tool can provide one.
New deployments or changes are almost fool-proof. The system takes the initial plan, generates the change requests and then tests the applicable environment. If everything is working already and no change needs to be deployed it automatically closes the request without taking action. We see this as a big time-saver.
Firewall Analyser supports auto discovery and traffic simulation. So, when a change order is entered, it theoretically reconfigures the firewall involved, simulates traffic and determines the consequences of the change. Using its policy engine, the product can examine devices and see the risk, including risky rules - not all firewall rules are always a good idea all of the time - and perform rule cleanup. Along with this, the product can expire rules and require recertification. This calls attention to obsolete rules.
The reporting on this solution is excellent. It is well-formatted for meeting regulatory requirements and it provides everything needed by management, auditors and support engineers. It begins with baseline configuration analysis reporting and follows changes. Overall, this is one of the most complete security management systems we've seen.
The website has a good support portal that includes a knowledge base, the documentation is straightforward and no-cost, eight-hours-a-day/five-days-a-week support is included with basic, while preferred and premium support are available at fees ranging from 20 to 40 percent.